|
JSSE has been integrated into the J2SDK!
JSSE has been integrated into the
JavaTM 2 SDK, Standard Edition
(J2SDK), v 1.4, which is currently a Beta release.
Overview
The JavaTM Secure Socket Extension (JSSE)
1.0.2 is a set of Java packages that enable secure Internet communications. It
implements a Java version of SSL (Secure Sockets Layer) and TLS
(Transport Layer Security) protocols and includes
functionality for data encryption, server authentication, message
integrity, and optional client authentication. Using JSSE,
developers can provide for the secure passage of data between a
client and a server running any application
protocol (such as HTTP, Telnet, NNTP, and FTP) over TCP/IP.
This release of JSSE is a non-commercial reference
implementation that demonstrates a working example of the JSSE
APIs. A reference implementation is similar to a proof-of-concept
implementation of an API specification. It is used to demonstrate that
the specification is implementable and that various compatibility
tests can be written against it.
A non-commercial implementation typically lacks the overall completeness of a commercial-grade product. While the implementation meets the API specification, it will be lacking things such as a fully-featured toolkit, sophisticated debugging tools, commercial-grade documentation and regular maintenance updates.
Changes in JSSE with version 1.0.2:
- Recent modifications in the United States export regulations
now allow Sun to include stronger cryptographic algorithms in
the global version of JSSE. Note that while there are two downloads,
a domestic (US/Canada) and a global version, they provide the same encryption
strength. The domestic version supports alternate SSL security
providers; the global version supports only the Sun SSL provider.
- JSSE was modified to run on PersonalJavaTM 3.1.
- JSSE 1.0.2 incorporated several bug fixes.
- JSSE 1.0.2 incorporated documentation improvements, including a
substantially expanded and clarified JSSE API User's Guide.
Why use JSSE?
JSSE enables developers to utilize secure, encrypted
communication channels in their applications. By abstracting
the complex underlying security algorithms and "handshaking"
mechanisms, JSSE minimizes the risk of creating subtle
but dangerous security vulnerabilities. Furthermore, it simplifies
application development by serving as a building block which
developers can integrate directly into their applications.
The JavaTM Secure Socket
Extension (JSSE) 1.0.2 provides
Secure Sockets Layer (SSL) v3 and Transport Layer
Security (TLS) 1.0 support to the Java 2 Platform. SSL is a
public-key-based network security protocol widely used to
authenticate, privacy-protect, and ensure message integrity
of transactions made over the Internet.
Important Features
- Pure Java implementation
- Exportable
- Secure Sockets Layer (SSL) v3 support
- Transport Layer Security (TLS) 1.0 support
- Basic utilities for key and certificate management, including
securely encrypted storage of private keys and Certificate
Authority (CA) support
- SSLSocket and SSLServerSocket classes, which can be
instantiated to create secure channels
- Cipher Suite negotiation, which performs SSL "handshaking"
to initiate or verify secure communications
- Client and server authentication, as a part of the normal
SSL handshaking
- HTTPS support: the ability to access data such as HTML pages
using HTTPS
- Server Session Management to manage the cache of sessions.
- RSA cryptography algorithms -- the JSSE implementation includes code
licensed from RSA Data Security.
- Cryptographic suites, including:
Domestic and Global
|
Cryptographic Suite
|
Key Length
|
|
RSA public key (authentication and key agreement)
|
2048 bits (authentication), 2048 bits (key agreement)
|
|
RC4 (bulk encryption)
|
128 bits
|
|
DES (bulk encryption)
|
64 bits (56 effective)
|
|
Triple DES (bulk encryption)
|
192 bits (112 effective)
|
|
Diffie-Hellman public key (key agreement)
|
1024 bits
|
|
DSA public key (authentication)
|
2048 bits
|
Business Considerations
Sun's release of JSSE 1.0.2 is a non-commercial reference implementation.
However, the binary implementation may be used royalty-free as part of
commercial applications. See the
software license for more
information.
The objective of this release is to provide an exportable version of JSSE with strong encryption, enable JSSE compatibility with PersonalJavaTM 3.1 and fix bugs.
Questions, Support, Reporting Bugs and Feedback
Questions
For miscellaneous questions about JSSE 1.0.2 usage and deployment,
we encourage you to read the
JSSE 1.0.2 Frequently Asked Questions (FAQ), the
Java Security Q&A Archives
and the Java Developer Connection forums.
These discussion forums allow you to tap into the experience of other
users, ask questions, or offer tips to others on a variety of Java related
topics including JSSE 1.0.2. There is no fee to participate.
Although not supported by Sun, an alternative for technical expertise may be found at:
http://www.hotdispatch.com/sun
Support
For more extensive JSSE 1.0.2 questions or deployment issues,
Sun currently offers several levels of developer support for the
Java 2 platform (including the JSSE 1.0.2 Extension):
-
Per-Incident
-
Developer Access DirectSM
-
Developer Access PlusSM
For more information, please see:
http://www.sun.com/developer/support/
Please be aware that we may be barred from offering technical support specifically regarding encryption implementations of the JSSE APIs to people outside the U.S. or Canada, according to U.S. regulations.
Reporting Bugs
To report bugs or request a feature, please see:
http://java.sun.com/cgi-bin/bugreport.cgi
Feedback
Please send general comments about JSSE 1.0.2 to:
java-security@sun.com.
Though we value your input, before sending your feedback, please search the
Java Security Q&A Archives
and review our pages of
Frequently Asked Questions (FAQ).
Please note that due to the volume of messages we receive, we may not
be able to respond to every individual message.
For other comments/suggestions concerning the web sites, please use
the feedback form.
Requirements
JSSE 1.0.2 requires that you have JavaTM 2
SDK v 1.2.1 or later or JavaTM 2 Runtime Environment
v 1.2.1 or later already installed.
More Info
Downloads
JSSE is packaged so that you can download the class libraries (binaries for domestic or export versions) and documentation, documentation only, or sample source code. The documentation consists of the API User's Guide and the API Specification. The JSSE 1.0.2 API Specification is also available for viewing online.
Note: If your browser renames the zip files when you download them, you may simply unzip them the way they are or you may rename them to their original names and then unzip them.
THE DOMESTIC VERSION OF THE SOFTWARE IS RESTRICTED TO THE UNITED STATES AND CANADA. If you do not reside in the
United States or Canada, you will not be able to download the domestic version.
JSSE 1.0.2 software and documentation
JSSE 1.0.2 documentation only
JSSE 1.0.2 sample source code
Please contact csr-customer-service@Sun.COM for download problems.
Most Recent Release
JSSE has been integrated into the
JavaTM 2 SDK, Standard Edition
(J2SDK), v 1.4, which is currently a Beta release.
HOME |
CHANGES |
README |
LICENSE |
COPYRIGHT
INSTALL |
FAQ |
KNOWN BUGS |
SUBMIT BUGS
|